Brute force ssh attacks


Recommended Posts

Any computer connected to the net is going to see attacks.

 

Me personally I don't have anything accessable to the net...

 

my firewall , cctv camera server & Diskstation 212+ also has open ssh port but attack was only going to Xpenology box ip. i did has default mac address / SN# but i changed it last night.

Link to post
Share on other sites
Any computer connected to the net is going to see attacks.

 

Me personally I don't have anything accessable to the net...

 

my firewall , cctv camera server & Diskstation 212+ also has open ssh port but attack was only going to Xpenology box ip. i did has default mac address / SN# but i changed it last night.

Link to post
Share on other sites

I set my MAC address to native for my card and randomized the other three dummy MACs. I also changed the SSH port as well. That stopped everything for a couple of weeks, but I did see some fresh some IP blocks yesterday in my logs (I block after five failed attempts)... Definitely changing to a non default port cut way way down on the attacks though.

 

Frank

Link to post
Share on other sites

I set my MAC address to native for my card and randomized the other three dummy MACs. I also changed the SSH port as well. That stopped everything for a couple of weeks, but I did see some fresh some IP blocks yesterday in my logs (I block after five failed attempts)... Definitely changing to a non default port cut way way down on the attacks though.

 

Frank

Link to post
Share on other sites

I changed MAC address, SN, default ports and SN but still be attached from China's IP (218.6.6.70 =>Fuzhou, Fujian, China).

 

Please teach me how to check someone success attach my NAS or not?

 

2014_02_17_08_25_47.png

Link to post
Share on other sites

I changed MAC address, SN, default ports and SN but still be attached from China's IP (218.6.6.70 =>Fuzhou, Fujian, China).

 

Please teach me how to check someone success attach my NAS or not?

 

2014_02_17_08_25_47.png

Link to post
Share on other sites
  • 2 months later...

For an added layer you can forward a port in your router to your SSH port on DSM.

 

Your router's config would look like this :

 

External port : 35775

Internal port : 22

 

now you only have to connect to it using ssh -p 35775 user@ip

 

You can also disable the ability to ssh as root, this is common practice to any ssh box, you can then login as say "admin" and then switch to root if you have to. DSM is particular tho and we have to change something first or we won't be able to switch user afterwards.

 

1. Login as ssh root@dsm
2. Change permissions on /bin/su with chmod a+s /bin/su
3. Try it, login with ssh admin@dsm
4. Type su
5. Enter password and type whoami  < this should return "root"
6. Disable root login in /etc/ssh/sshd_config 
as root user do vi /etc/ssh/sshd_config
locate the line that says #PermitRootLogin yes
Press insert and edit it so it looks like "PermitRootLogin no"
Press escape and type ":wq" and press enter
7. In the web GUI, Control Panel > Terminal > Disable SSH and apply > Enable SSH and apply
8. Try to connect as root, it shouldn't let you anymore, so connect as admin

 

That's it, nobody can longer connect to your DSM as root but you still have root capabilities!

 

 

 

 

 

Place your cursor over this line

Link to post
Share on other sites